A longtime reader sent me a really good question today. If I had a USB flash drive and I didn’t know where it’s been or what it’s done, how would I clean it to make it safe to use? He said using Linux was fair game, so that made the answer a lot easier.
Note that as of 2015, a knowledgeable attacker can make a USB drive that will survive this cleaning method, so I only recommend this 90% of the time, and the problem is, it’s impossible to know which 90%.
I’d use something running Linux to clean it because the chances of it containing Linux malware are lower than the chances of it containing anything else. And if you boot off a Linux live CD, there’s nothing for the drive to infect anyway–the environment goes away as soon as you power down.
Then mount the drive. How you do this will vary, but here’s how in Ubuntu derivatives.
Now, wipe the boot record. The line below assumes the USB drive is attached as /dev/sdb, but verify it first!
dd if=/dev/zero of=/dev/sdb bs=512 count=1
This wipes out the boot record and the partition table. If the USB drive happened to be harboring a boot-sector virus, it will meet its end at the hand of that command.
Next, create a new partition. Use the command cfdisk to make it easy with a menu-driven program. You’ll probably just want to create a single partition.
Finally, format the new partition. Here’s an example–verify the partition and modify the command appropriately.
mkdosfs -F 32 -n "usbdisk" /dev/sdb1
After that, you can shut down the machine, unplug the USB device, plug it into a Windows computer, and use it with no risk.
This procedure doesn’t sanitize the device to Department of Defense standards–not by a long shot. It overwrites the data to the point where you won’t accidentally infect yourself, but any data destroyed in this manner can be recovered relatively easily, though not with native Windows tools.
Wiping the data securely isn’t the goal here–and it would reduce the lifespan of the drive with little to gain. What these four relatively easy steps will do is make the drive safe to use again.
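The effect of the dd step can be rehearsed on a disk image before pointing it at real hardware. The script below is an added example, not part of the original post; the helper names and the constructed 1 MiB image are assumptions made for illustration. It shows that the command clears the boot signature and partition table in sector 0 while leaving data beyond it in place, which is why that data stays recoverable.

```shell
#!/bin/sh
# Added example: rehearse the boot-record wipe on a constructed disk image.
# All function names are hypothetical helpers, not from the original post.

# Build a 1 MiB image: boot signature 0x55AA at offset 510 (end of sector 0)
# and a marker string at offset 4096 standing in for leftover file data.
make_sample_image() {
    img=$(mktemp) || return 1
    dd if=/dev/zero of="$img" bs=512 count=2048 2>/dev/null
    printf '\125\252' | dd of="$img" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'LEFTOVER-DATA' | dd of="$img" bs=1 seek=4096 conv=notrunc 2>/dev/null
    echo "$img"
}

# Print the two signature bytes of sector 0 as hex ("55aa" on a bootable MBR).
boot_signature() {
    dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# Succeed only if every byte of the first 512-byte sector is zero.
sector0_is_zero() {
    [ "$(dd if="$1" bs=512 count=1 2>/dev/null | tr -d '\000' | wc -c)" -eq 0 ]
}

# Succeed if the marker written beyond sector 0 is still readable.
data_survives() {
    dd if="$1" bs=1 skip=4096 count=13 2>/dev/null | grep -q 'LEFTOVER-DATA'
}

# Same dd as in the post. conv=notrunc only matters for image files, where
# dd would otherwise truncate the file to 512 bytes. Refuses anything that
# is neither a block device nor a regular file.
wipe_boot_record() {
    [ -b "$1" ] || [ -f "$1" ] || { echo "refusing: $1" >&2; return 1; }
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

# Demo on the constructed image (never touches a real device).
img=$(make_sample_image)
echo "before: signature=$(boot_signature "$img")"
wipe_boot_record "$img"
sector0_is_zero "$img" && echo "after: sector 0 is all zeros"
data_survives "$img" && echo "after: data past sector 0 is still there"
rm -f "$img"
```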